What do you do when a staffer’s ‘ooops’ moment costs you a lot of money?

It depends. If the ooops is a damaged piece of equipment, most organizations forgive and forget. It if leads to a libel suit, it could result in dismissal. Ditto if it’s insubordination.

But what if it’s clicking on a link that leads to a network intrusion?

An awareness-training vendor says IT security could be vastly improved if staff learn there will be more than a shrug of the shoulders or a lecture from management, says Stu Sjouwerman, CEO of KnowBe4 told Networkworld U.S.

Sjouwerman’s company offers online training for staff that gets triggered when employees click on potentially malicious links. A company I wrote about last year also offers ways to train staff to be more careful with their clicking finger.


Sjouwerman suggests that a bit of pressure may be necessary from senior management to get offenders to slow down. Perhaps, though, more than a verbal spanking is needed.

It’s a serious problem: In my job I’m flooded with email from vendors, would-be vendors and readers who want my attention. Reading email headers often doesn’t tell me what I need to know to make a decision on what to pay attention to. So far, I’ve been lucky and apparently over the years I haven’t triggered a network fault.

But it also begs the question of whether management should dismiss a person who makes a critical mistake. It would certainly get the message across. However, as one of the related links above details, by masquerading though Linkedin as a fellow employee even a supposedly sophisticated U.S. security agency got snookered.

Dismissal for the first-time offender? Not yet.

Read the whole story here.

  • Charles

    Training is a good idea, but good system design would be an added gate keeper. That is, the same way many applications and operating systems give a warning by asking you if you are sure you want to complete an action, either because it cannot be undone or leaves your device open to hacking etc….

    Now if it is your sys admin staff who are doing the errors, maybe you should recycle them somewhere else in the organization where their errors will be less costly.